9.1
CVE-2026-46155
- EPSS 0.48%
- Veröffentlicht 28.05.2026 09:36:11
- Zuletzt bearbeitet 09.06.2026 21:04:23
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
smb/client: fix out-of-bounds read in smb2_compound_op()
In the Linux kernel, the following vulnerability has been resolved:
smb/client: fix out-of-bounds read in smb2_compound_op()
If a server sends a truncated response but a large OutputBufferLength, and
terminates the EA list early, check_wsl_eas() returns success without
validating that the entire OutputBufferLength fits within iov_len.
Then smb2_compound_op() does:
memcpy(idata->wsl.eas, data[0], size[0]);
Where size[0] is OutputBufferLength. If iov_len is smaller than size[0],
memcpy can read beyond the end of the rsp_iov allocation and leak adjacent
kernel heap memory.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.6.32 < 6.6.140
Linux ≫ Linux Kernel Version >= 6.9 < 6.12.88
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.30
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.7
Linux ≫ Linux Kernel Version7.1 Updaterc1
Linux ≫ Linux Kernel Version7.1 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.375 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://git.kernel.org/stable/c/dffb44b2e06a2908e249f0f93156fc987eee1d1c
https://git.kernel.org/stable/c/9b3af35645ff9cd334edc130249f9a2fb2bea25f
https://git.kernel.org/stable/c/512d33bc8ea4ea5c19728ee118715f4b1f4d1926
https://git.kernel.org/stable/c/a16f70a71be4b5a4eccf39a9bf09b47285f4cb7c
https://git.kernel.org/stable/c/8d09328dfda089675e4c049f3f256064a1d1996b